Another issue around key recovery
involves who is authorized to do it. Giving someone key recovery privileges
implies that they are being given the ability to obtain ANYONEs
keys, and can decrypt any private messages and perhaps even digitally
sign messages with others identity. Therefore, personnel given
this privilege should be highly trusted, and appropriate record-keeping
methods should be in effect to help ensure that this privilege is not
abused.

Because of the significant exposure
presented by a single person having key recovery privileges, organizations
have come up with a variety of ways to see that the cooperation of multiple
staffers is required to recover a key. This is implemented differently
depending on the key escrow system used, but usually involves some degree
of M of N control, which is described in the next section.

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!